Principal Information Security Officer - Mellon College of Science - Pittsburgh Supercomputing Center

Carnegie Mellon University•Pittsburgh, PA

13d•Onsite

About The Position

Carnegie Mellon University is a private, global research university that stands among the world’s most renowned education institutions. With ground-breaking brain science, path-breaking performances, creative start-ups, big data, big ambitions, hands-on learning, and a whole lot of robots, CMU doesn’t imagine the future, we invent it. If you’re passionate about joining a community that challenges the curious to deliver work that matters, your journey starts here! The Pittsburgh Supercomputing Center (PSC) a joint research center of Carnegie Mellon University and the University of Pittsburgh, was established in 1986, and for over 30 years has provided university, government, and industrial researchers with access to several of the most powerful systems for advanced computational research, communications, and data storage available to scientists, engineers, and scholars nationwide for unclassified research. PSC advances science across a wide spectrum of fields, including artificial intelligence/machine learning, medical imaging, weather modeling, cell biology, and genomics. PSC provides a high performance computing and communications service in support of the nation’s computational science work. In addition, PSC is a member of NSF ACCESS, a national computer collaboration of 15 partners from across the U.S. that provides high performance computing, networking, data, scientific visualization and instrument services to the nation’s scientists. The overall responsibility of the Principal Information Security Officer (PISO) is to lead teams of PSC staff members, particularly from the Networking and Systems & Operations groups, in order to develop and implement plans for integrated network-, host- and human-based information security practices and procedures for PSC. The PISO keeps PSC leadership informed about current, ongoing, and emerging security risks affecting both PSC and the broader academic community. In addition to internal responsibilities, the PISO serves in external roles as a key member of Trusted CI—the NSF Cybersecurity Center of Excellence—and in a leadership capacity for the NSF ACCESS Security Team. Within PSC, the PISO collaborates with staff to assess computer security risks, select and implement appropriate safeguards, develop and execute security plans, monitor the effectiveness of measures, and lead responses to security incidents. In Trusted CI, the PISO undertakes similar responsibilities as directed by its leadership, with a particular focus on advancing cybersecurity interoperability.

Requirements

Minimum Bachelor’s Degree in Computer Science or a related field.
Minimum requirements include knowledge and skills developed through 10+ years of work experience in a related job discipline.
Broad understanding of current computer, data and networking information security practices in a high performance computing and communications environment; demonstrated ability to apply that knowledge to develop and implement a practical, effective security program.
Excellent analytical, technical, reasoning, and innovative problem-solving skills.
Ability to lead teams and to function competently in a team environment.
Ability to interact and communicate effectively and courteously with members of PSC, the broader university community, ACCESS and its partner sites, Trusted CI, and the NSF Cyberinfrastructure community.
A combination of education and relevant experience from which comparable knowledge is demonstrated may be considered.
Successful background check

Nice To Haves

A graduate degree in cybersecurity or related field, or certification such as CISSP, CISM, CISA, or CRISC is preferred.

Responsibilities

Oversees information security of leading edge computing and communications equipment. that is in round-the-clock use by the national research community. PSC's Equipment is valued at roughly $60 million.
Leads teams of cybersecurity experts from PSC.
Oversees ACCESS Security Team activities including: policy development, incident response, project planning and advancement, vulnerability evaluation and risk management, reporting requirements to ACCESS and NSF.
Actively participates in Trusted CI projects and initiatives, assists with center operations, and leads projects with other Trusted CI staff. Will serve as PSC site lead and Co-PI for Trusted CI.
Coordinate security in PSC: Conduct periodic assessments of PSC’s cybersecurity program ( based on the Trusted CI Framework core ). With input from members of a team and/or leadership, enhance PSC’s cybersecurity program. Stay current with new security threats, technological advances, and regulatory requirements. Explore applicable cybersecurity improvement strategies and tactics. Lead team that carries out the implementation plans. Coordinate periodic audits of compliance of PSC practices and procedures to requirements, regulations, and standards.
Lead PSC incident response, including protection and custody of evidence. Interact with law enforcement or organizations as necessary.
Oversee development, maintenance, and dissemination of PSC’s documentation on center information security policies and procedures. Participate in local and national computer security incident response groups.
Develop and promote cybersecurity awareness among staff and users. Work with trusted partners/projects (CMU/Pitt/HuBMAP/Neocortex/BIL) IRT cybersecurity projects and programs. Serve as a [CP}ISO on related projects (Neocortex, HuBMAP, BIL, SenNet, ACCESS, etc Regularly report to PSC management on information security posture and oversee scheduled security training for staff and users.
Acts as team leader. Determines own and team's priorities based on overall goals, and may deviate from established procedures and practices as long as end results meet performance objectives and established goals. Gives advice and counsel to PSC, Trusted CI and ACCESS higher management which significantly influence decisions. Performs under minimal supervision. All normal duties and responsibilities are handled independently. Only the most difficult or unique situations are referred to higher management levels. Assesses the severity of an information security or system problem independently and makes a problem determination quickly. Regular status reports and attendance at various meetings is required.

Benefits

Benefits eligible employees enjoy a wide array of benefits including comprehensive medical, prescription, dental, and vision insurance as well as a generous retirement savings program with employer contributions.
Unlock your potential with tuition benefits , take well-deserved breaks with ample paid time off and observed holidays , and rest easy with life and accidental death and disability insurance.
Additional perks include a free Pittsburgh Regional Transit bus pass, access to our Family Concierge Team to help navigate childcare needs, fitness center access , and much more!
For a comprehensive overview of the benefits available, explore our Benefits page .

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume